From the Boing Boing Shop

Follow Us

Back in 2016, we published a good technological explainer about Intel's Management Engine, an evolution of the decade-plus old idea of "Trusted Computing," in which a separate, isolated system-on-a-chip lives alongside of your computer, performing cryptographic work and overseeing the functions of your computer.

Conceptually, this idea has some real utility (an example of it can be found in the introspection engine that Bunnie Huang and Ed Snowden are collaborating on), but the devil is in the details: trusted computing can also be used to take away control from the computer's users, allowing corporations to shut out their rivals (even when it works as intended) and allowing attackers to run undetectable, unstoppable code (when the developers make mistakes). So this kind of thing requires both good intentions and perfect technical execution.

Alas, Intel has neither.

Less than a year ago, a terrible series of attacks on Active Management Technology surfaced, which Intel has been scrambling to patch. These attacks were sophisticated and involved real technical wizardry.

Here's how it works: when you reboot a computer, you can hold down a special key (usually F12) to enter the BIOS menu. From there, if you select Intel’s Management Engine BIOS Extension (MEBx), you can "change the password, enable remote access, and set the firmware to not give the computer's user an 'opt-in' message at boot time." Basically, you can seize control over the computer in a way that is undetectable and unstoppable for the user.

It's not hard to mitigate this attack: just set a password for MEBx. Unfortunately, most OEMs don't do this, so "admin" works on millions of systems. Every system F-Secure tested was vulnerable.

Now, it's true that you need physical access to effect this attack, but the physical access you need is extremely short, and leaves no trace: starting from a computer that is switched off, you boot it with the F12 held down, enter a few keystrokes and shut it down again. Given that Trusted Computing is supposed to defend against drive-by physical attacks (because the Trusted Computing Module is tamper-evident), this represents a serious inroad against AMT.

Intel's response amounts to "We keep telling OEMs to set a password for MEBx, but they don't, so ¯\_(ツ)_/¯."

Late last month, Intel issued guidelines on best practices for configuring AMT to prevent these and other types of AMT-based attacks on PCs. In the "Q&A" document, Intel acknowledged the problem, but put the onus on PC manufacturers for not properly following Intel's advice:

If the Intel MEBx default password was never changed, an unauthorized person with physical access to the system could manually provision Intel AMT via the Intel MEBx or with a USB key using the default password. If the system’s manufacturer has followed Intel’s recommendation to protect the Intel MEBx menu with the system BIOS password, this physical attack would be mitigated.

Sintonen said that all the laptop computers he had tested so far were vulnerable to the attack.

At Defcon, Tencent's Wu HuiYu and Qian Wenxiang presented Breaking Smart Speakers: We are Listening to You, detailing their work in successfully exploiting an Amazon Alexa speaker, albeit in a very difficult-to-achieve fashion.

Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible, though the Digital Ally models are the least bad of the batch, as Wired's Lily Hay Newman reports.

Adam Guerbuez is a cryptocurrency evangelist whose Youtube channel is full of videos promoting cryptocurrency trading; when he got a Twitter message from a scammer promising to send him free Ethereum coins, he asked the scammer if they could talk about the scam.

Traveling isn’t always the most comfortable experience, but at least you have your music to keep you company on those long flights. That is, until your chatty neighbor and that crying baby three seats over drown out your playlist. These Paww WaveSound 3 Noise-Cancelling Bluetooth Headphones block up to 20 decibels of audio, so you can […]

SEO can be a fickle creature, but it can work in your favor—you just need the right tools. When it comes to getting your site on that coveted first page of Google, SERPstash Premium simplifies the process with 21 user-friendly tools designed to break down your page’s performance and show you where you can improve. Lifetime […]

Running a Shopify store is a great way to net some extra cash on the side or—if you really know what you’re doing—replace your 9-to-5 altogether. However, success doesn’t come naturally, and newcomers tend to receive mixed results when starting on their own. This E-Commerce Bootcamp can help start your Shopify venture off on the right […]